I have set up the login-module "Database" in JBoss 7.1 with an encrypted password (SHA-256). All works.
But now I am wondering how I can use Salts or hash iteration counts.
When encoding a password with a salt or iterating the hash encoding a number of times, the encrypted password cannot be decrypted by the JBoss LoginModule, hence the authentication does not work anymore.
As stated here http://www.jasypt.org/howtoencryptuserpasswords.html, it would be more secure to use a salt and an iteration count of at least 1000 when encoding a password.
So my question is: How could I make the JBoss login module recognise a salt or a hash iteration count?
Have a look at http://www.rtner.de/software/PBKDF2.html. Download the source file; an implementation of the above is done there in SaltedDatabaseServerLoginModule, as far as I can see.